The UK's Information Commissioner's Office fined Capita £14 million for negligent cybersecurity practices following a Black Basta ransomware attack that exposed data on roughly 6 million people. The breach began with a Qakbot infection that was never contained: the SOC alert went unanswered for 58 hours, lateral movement was not stopped, and years of unpatched Active Directory weaknesses allowed the attackers to escalate to domain admin. Key failures included an understaffed SOC that never met its internal SLAs, no penetration testing of systems holding personal data, repeated pentest findings about domain admin security left unaddressed, and misleading public communications. Organisations should prioritise properly staffed SOCs with achievable response targets, default-deny network policies, regular external penetration testing, Active Directory hardening, transparent crisis communications, and honest pre-emptive testing of whether security controls actually work.
Table of contents

- Some brief background
- Black Basta ransomware group extorts Capita with stolen customer data, Capita fumble response
- Russian hackers exfiltrated data from Capita over a week before outage
- Initial access
- Loss of data
- Update on cyber incident